install/dist/conf/gentoo.conf.php

 <?php
 
 /*
-Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+Copyright (c) 2025, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -43,6 +43,7 @@ $conf['init_scripts'] = '/etc/init.d';
 $conf['runlevel'] = '/etc';
 $conf['shells'] = '/etc/shells';
 $conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "8.2";
 
 //* Services provided by this server, this selection will be overridden by the expert mode
 $conf['services']['mail'] = true;
@@ -51,6 +52,8 @@ $conf['services']['dns'] = true;
 $conf['services']['file'] = true;
 $conf['services']['db'] = true;
 $conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
 
 //* MySQL
 $conf['mysql']['installed'] = false; // will be detected automatically during installation
@@ -63,14 +66,15 @@ $conf['mysql']['admin_user'] = 'root';
 $conf['mysql']['admin_password'] = '';
 $conf['mysql']['charset'] = 'utf8';
 $conf['mysql']['ispconfig_user'] = 'ispconfig';
-$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
 $conf['mysql']['master_slave_setup'] = 'n';
 $conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
 $conf['mysql']['master_database'] = 'dbispconfig';
 $conf['mysql']['master_admin_user'] = 'root';
 $conf['mysql']['master_admin_password'] = '';
 $conf['mysql']['master_ispconfig_user'] = '';
-$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
 
 //* SuPHP
 $conf['suphp']['config_file'] = '/etc/suphp.conf';
@@ -80,7 +84,7 @@ $conf['apache']['installed'] = false; // will be detected automatically during i
 $conf['apache']['user'] = 'apache';
 $conf['apache']['group'] = 'apache';
 $conf['apache']['init_script'] = 'apache2';
-$conf['apache']['version'] = '2.2';
+$conf['apache']['version'] = '2.4';
 $conf['apache']['config_dir'] = '/etc/apache2';
 $conf['apache']['config_file'] = $conf['apache']['config_dir'] .'/httpd.conf';
 $conf['apache']['ssl_dir'] = '/etc/ssl/apache2';
@@ -88,8 +92,8 @@ $conf['apache']['vhost_conf_dir'] = $conf['apache']['config_dir'] . '/vhosts.d';
 $conf['apache']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_dir'];
 $conf['apache']['vhost_default'] = '00_default_vhost.conf';
 $conf['apache']['vhost_port'] = '8080';
-$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php5/php.ini';
-$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php5/php.ini';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php8.2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php8.2/php.ini';
 
 //* Website base settings
 $conf['web']['website_basedir'] = '/var/www';
@@ -110,7 +114,7 @@ $conf['awstats']['pl'] = '/usr/bin/awstats.pl';
 $conf['awstats']['buildstaticpages_pl'] = '/usr/bin/awstats_buildstaticpages.pl';
 
 //* Fastcgi
-$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php5';
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php8.2';
 $conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
 $conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
 
@@ -131,6 +135,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
 $conf['mailman']['config_dir'] = '/etc/mailman';
 $conf['mailman']['init_script'] = 'mailman';
 
+//* mlmmj
+$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
+$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
+
 //* Getmail
 $conf['getmail']['installed'] = false; // will be detected automatically during installation
 $conf['getmail']['user'] = 'getmail';
@@ -160,8 +168,14 @@ $conf['saslauthd']['init_script'] = 'saslauthd';
 //* Amavisd
 $conf['amavis']['installed'] = false; // will be detected automatically during installation
 $conf['amavis']['config_file'] = '/etc/amavisd.conf';
+$conf['amavis']['config_dir'] = '/etc';
 $conf['amavis']['init_script'] = 'amavisd';
 
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd';
@@ -171,6 +185,7 @@ $conf['pureftpd']['installed'] = false; // will be detected automatically during
 $conf['pureftpd']['config_file'] = '/etc/conf.d/pure-ftpd';
 $conf['pureftpd']['mysql_config_file'] = '/etc/pureftpd-mysql.conf';
 $conf['pureftpd']['init_script'] = 'pure-ftpd';
+$conf['pureftpd']['main_config_file'] = '/etc/pure-ftpd.conf';
 
 //* MyDNS
 $conf['mydns']['installed'] = false; // will be detected automatically during installation
@@ -221,16 +236,29 @@ $conf['nginx']['php_fpm_pool_dir'] = '/etc/php5/fpm/pool.d';
 $conf['nginx']['php_fpm_start_port'] = 9010;
 $conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php5-fpm';
 
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
 //* vlogger
 $conf['vlogger']['config_dir'] = '/etc/vlogger';
 
 //* cron
-$conf['cron']['init_script'] = 'vixie-cron';
+$conf['cron']['init_script'] = 'cronie';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['group'] = 'cron';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
-//* OpenVZ
-$conf['openvz']['installed'] = false;
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 
 ?>
+

install/dist/conf/opensuse110.conf.php

@@ -66,6 +66,7 @@ $conf['mysql']['ispconfig_user'] = 'ispconfig';
 $conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
 $conf['mysql']['master_slave_setup'] = 'n';
 $conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
 $conf['mysql']['master_database'] = 'dbispconfig';
 $conf['mysql']['master_admin_user'] = 'root';
 $conf['mysql']['master_admin_password'] = '';
@@ -147,6 +148,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';
 
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd';
@@ -216,4 +222,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';;
 //* OpenVZ
 $conf['openvz']['installed'] = false;
 
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>

install/dist/conf/opensuse112.conf.php

@@ -66,6 +66,7 @@ $conf['mysql']['ispconfig_user'] = 'ispconfig';
 $conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
 $conf['mysql']['master_slave_setup'] = 'n';
 $conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
 $conf['mysql']['master_database'] = 'dbispconfig';
 $conf['mysql']['master_admin_user'] = 'root';
 $conf['mysql']['master_admin_password'] = '';
@@ -147,6 +148,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc';
 $conf['amavis']['init_script'] = 'amavis';
 
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd';
@@ -216,4 +222,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
 
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>

install/dist/conf/ubuntu1604.conf.php

@@ -43,6 +43,7 @@ $conf['init_scripts'] = '/etc/init.d';
 $conf['runlevel'] = '/etc';
 $conf['shells'] = '/etc/shells';
 $conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "7.0";
 
 //* Services provided by this server, this selection will be overridden by the expert mode
 $conf['services']['mail'] = true;
@@ -65,14 +66,15 @@ $conf['mysql']['admin_user'] = 'root';
 $conf['mysql']['admin_password'] = '';
 $conf['mysql']['charset'] = 'utf8';
 $conf['mysql']['ispconfig_user'] = 'ispconfig';
-$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
 $conf['mysql']['master_slave_setup'] = 'n';
 $conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
 $conf['mysql']['master_database'] = 'dbispconfig';
 $conf['mysql']['master_admin_user'] = 'root';
 $conf['mysql']['master_admin_password'] = '';
 $conf['mysql']['master_ispconfig_user'] = '';
-$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
 
 //* Apache
 $conf['apache']['installed'] = false; // will be detected automatically during installation
@@ -149,6 +151,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';
 
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';
@@ -183,7 +190,7 @@ $conf['jailkit']['installed'] = false; // will be detected automatically during
 $conf['jailkit']['config_dir'] = '/etc/jailkit';
 $conf['jailkit']['jk_init'] = 'jk_init.ini';
 $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
-$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
 $conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
 
 //* Squid
@@ -227,4 +234,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
 
 
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>

install/dist/conf/ubuntu1710.conf.php

+<?php
+
+/*
+Copyright (c) 2017, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Ubuntu 17.10 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'ubuntu1710';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.1/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.1/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.1/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php7.1-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.1/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.1/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.1-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
+?>

install/dist/conf/ubuntu1804.conf.php

+<?php
+
+/*
+Copyright (c) 2017, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Ubuntu 18.04 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'ubuntu1804';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "7.2";
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.2/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.2/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.2/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php7.2-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.2/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.2/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.2-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
+?>

install/dist/conf/ubuntu2004.conf.php

+<?php
+
+/*
+Copyright (c) 2020, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Ubuntu 20.04 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'ubuntu2004';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "7.4";
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.4/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.4/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.4/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php7.4-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.4/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.4/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.4-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
+?>

install/dist/conf/ubuntu2204.conf.php

+<?php
+
+/*
+Copyright (c) 2022, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Ubuntu 22.04 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'ubuntu2204';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "8.1";
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/8.1/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/8.1/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/8.1/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php8.1-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/8.1/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/8.1/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php8.1-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
+?>
\ No newline at end of file

install/dist/conf/ubuntu2404.conf.php

+<?php
+
+/*
+Copyright (c) 2024, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Ubuntu 24.04 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'ubuntu2404';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "8.3";
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_port'] = '3306';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/8.3/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/8.3/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/8.3/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php8.3-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/8.3/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/8.3/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php8.3-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
+?>
\ No newline at end of file

install/dist/lib/centos80.lib.php

+<?php
+
+/*
+Copyright (c) 2014, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once realpath(dirname(__FILE__)) . '/centos_base.lib.php';
+
+class installer extends installer_centos {
+
+	protected $clamav_socket = '/var/run/clamd.amavisd/clamd.sock';
+	
+	// everything else is inherited from installer_centos class
+}
+
+?>

install/dist/lib/centos90.lib.php

+<?php
+
+/*
+Copyright (c) 2014, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once realpath(dirname(__FILE__)) . '/centos_base.lib.php';
+
+class installer extends installer_centos {
+
+	protected $clamav_socket = '/var/run/clamd.amavisd/clamd.sock';
+	
+	// everything else is inherited from installer_centos class
+}
+
+?>

install/dist/lib/centos_base.lib.php

@@ -48,14 +48,21 @@ class installer_centos extends installer_dist {
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
 		$content = str_replace('/var/spool/amavisd/clamd.sock', $this->clamav_socket, $content);
-		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 		
+		if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
+			touch($conf['amavis']['config_dir'].'/60-dkim');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
+		}
+		
 		// for CentOS 7.2 only
 		if($dist['confid'] == 'centos72') {
 			chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
 			chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
+			chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
 		}
 
 
@@ -76,34 +83,50 @@ class installer_centos extends installer_dist {
 
 		$config_dir = $conf['postfix']['config_dir'];
 
-		// Adding amavis-services to the master.cf file if the service does not already exists
-		$add_amavis = !$this->get_postfix_service('amavis','unix');
-		$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
-		$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
-
-		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
-			//* backup master.cf
-			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
-			// adjust amavis-config
-			if($add_amavis) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10025) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10027) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-		}
+		// Adding amavis-services to the master.cf file
+
+		// backup master.cf
+		if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
+
+		// first remove the old service definitions
+		$this->remove_postfix_service('amavis','unix');
+		$this->remove_postfix_service('127.0.0.1:10025','inet');
+		$this->remove_postfix_service('127.0.0.1:10027','inet');
+
+		// then add them back
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
 
 		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
 		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
+		
+		// get shell-group for amavis
+		$amavis_group=exec('grep -o "^amavis:\|^vscan:" /etc/group');
+		if(!empty($amavis_group)) {
+			$amavis_group=rtrim($amavis_group, ":");
+		}
+		// get shell-user for amavis
+		$amavis_user=exec('grep -o "^amavis:\|^vscan:" /etc/passwd');
+		if(!empty($amavis_user)) {
+			$amavis_user=rtrim($amavis_user, ":");
+		}
+		
+		// Create the director for DKIM-Keys
+		if(!is_dir('/var/lib/amavis')) mkdir('/var/lib/amavis', 0750, true);
+		if(!empty($amavis_user)) exec('chown '.$amavis_user.' /var/lib/amavis');
+		if(!empty($amavis_group)) exec('chgrp '.$amavis_group.' /var/lib/amavis');
+		if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750);
+		if(!empty($amavis_user)) exec('chown -R '.$amavis_user.' /var/lib/amavis/dkim');
+		if(!empty($amavis_group)) exec('chgrp -R '.$amavis_group.' /var/lib/amavis/dkim');
 
 
 	}

install/dist/lib/debian60.lib.php

@@ -33,17 +33,22 @@ class installer extends installer_base {
 	public function configure_dovecot()
 	{
 		global $conf;
-		
+
 		$virtual_transport = 'dovecot';
 
 		$configure_lmtp = false;
-		
+
+		// use lmtp if installed
+		if($configure_lmtp = (is_file('/usr/lib/dovecot/lmtp') || is_file('/usr/libexec/dovecot/lmtp'))) {
+			$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
+		}
+
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
 			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
-			
+
 			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
 				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
 				$configure_lmtp = true;
@@ -56,7 +61,7 @@ class installer extends installer_base {
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
-			if(is_file($config_dir.'/master.cf~')){
+			if(is_file($config_dir.'/master.cf~2')){
 				chmod($config_dir.'/master.cf~2', 0400);
 			}
 			//* Configure master.cf and add a line for deliver
@@ -68,7 +73,6 @@ class installer extends installer_base {
 		}
 
 		//* Reconfigure postfix to use dovecot authentication
-		// Adding the amavisd commands to the postfix configuration
 		$postconf_commands = array (
 			'dovecot_destination_recipient_limit = 1',
 			'virtual_transport = '.$virtual_transport,
@@ -104,6 +108,13 @@ class installer extends installer_base {
 			} else {
 				copy('tpl/debian6_dovecot2.conf.master', $config_dir.'/'.$configfile);
 			}
+			// Copy custom config file
+			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/dovecot_custom.conf.master')) {
+				if(!@is_dir($config_dir . '/conf.d')) {
+					mkdir($config_dir . '/conf.d');
+				}
+				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/dovecot_custom.conf.master', $config_dir.'/conf.d/99-ispconfig-custom-config.conf');
+			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			if(version_compare($dovecot_version,2.1) < 0) {
@@ -111,7 +122,42 @@ class installer extends installer_base {
 			}
 			if(version_compare($dovecot_version,2.2) >= 0) {
 				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
-				replaceLine($config_dir.'/'.$configfile, 'ssl_protocols = !SSLv2 !SSLv3', 'ssl_protocols = !SSLv3', 1, 0);
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
+			if(version_compare($dovecot_version,2.3) >= 0) {
+				// Remove deprecated setting(s)
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+
+				// Check if we have a dhparams file and if not, create it
+				if(!file_exists('/etc/dovecot/dh.pem')) {
+					swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
+						// convert existing ssl parameters file
+						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					} else {
+						/*
+						   Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						   a 4096 bit file, create it manually before you install ISPConfig
+						*/
+						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					}
+				}
+				//remove #2.3+ comment
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('#2.3+ ','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+
+			} else {
+				// remove settings which are not supported in Dovecot < 2.3
+				removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
+				removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
 			}
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master')) {
@@ -120,12 +166,21 @@ class installer extends installer_base {
 				copy('tpl/debian6_dovecot.conf.master', $config_dir.'/'.$configfile);
 			}
 		}
-		
+
+		$dovecot_protocols = 'imap pop3';
+
 		//* dovecot-lmtpd
 		if($configure_lmtp) {
-			replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
+			$dovecot_protocols .= ' lmtp';
+		}
+
+		//* dovecot-managesieved
+		if(is_file('/usr/lib/dovecot/managesieve') || is_file('/usr/libexec/dovecot/managesieve')) {
+			$dovecot_protocols .= ' sieve';
 		}
 
+		replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0);
+
 		//* dovecot-sql.conf
 		$configfile = 'dovecot-sql.conf';
 		if(is_file($config_dir.'/'.$configfile)){
@@ -148,20 +203,12 @@ class installer extends installer_base {
 		chmod($config_dir.'/'.$configfile, 0600);
 		chown($config_dir.'/'.$configfile, 'root');
 		chgrp($config_dir.'/'.$configfile, 'root');
-		
+
 		// Dovecot shall ignore mounts in website directory
 		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
 
 	}
 
-	public function configure_apache() {
-		global $conf;
-
-		if(file_exists('/etc/apache2/mods-available/fcgid.conf')) replaceLine('/etc/apache2/mods-available/fcgid.conf', 'MaxRequestLen', 'MaxRequestLen 15728640', 0, 1);
-
-		parent::configure_apache();
-	}
-
 	public function configure_fail2ban() {
 		/*
         copy('tpl/dovecot-pop3imap.conf.master',"/etc/fail2ban/filter.d/dovecot-pop3imap.conf");

install/dist/lib/fedora.lib.php

@@ -30,7 +30,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 class installer_dist extends installer_base {
 	protected $mailman_group = 'mailman';
-	
+
 	public function __construct() {
 		//** check apache modules */
 		$mods = getapachemodules();
@@ -42,259 +42,9 @@ class installer_dist extends installer_base {
 			swriteln($inst->lng('    AllowOverride None'));
 			swriteln($inst->lng('    Require all denied'));
 			swriteln($inst->lng('    </Directory>'."\n"));
-			
-			swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
-		}
-	}
-
-	function configure_postfix($options = '')
-	{
-		global $conf,$autoinstall;
-		$cf = $conf['postfix'];
-		$config_dir = $cf['config_dir'];
-
-		if(!is_dir($config_dir)){
-			$this->error("The postfix configuration directory '$config_dir' does not exist.");
-		}
-
-		//* mysql-virtual_domains.cf
-		$this->process_postfix_config('mysql-virtual_domains.cf');
-
-		//* mysql-virtual_forwardings.cf
-		$this->process_postfix_config('mysql-virtual_forwardings.cf');
-
-		//* mysql-virtual_mailboxes.cf
-		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
-
-		//* mysql-virtual_email2email.cf
-		$this->process_postfix_config('mysql-virtual_email2email.cf');
-
-		//* mysql-virtual_transports.cf
-		$this->process_postfix_config('mysql-virtual_transports.cf');
-
-		//* mysql-virtual_recipient.cf
-		$this->process_postfix_config('mysql-virtual_recipient.cf');
-
-		//* mysql-virtual_sender.cf
-		$this->process_postfix_config('mysql-virtual_sender.cf');
-
-		//* mysql-virtual_sender_login_maps.cf
-		$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
-		
-		//* mysql-virtual_client.cf
-		$this->process_postfix_config('mysql-virtual_client.cf');
-
-		//* mysql-virtual_relaydomains.cf
-		$this->process_postfix_config('mysql-virtual_relaydomains.cf');
-
-		//* mysql-virtual_relayrecipientmaps.cf
-		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-		
-		//* mysql-virtual_outgoing_bcc.cf
-		$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
-
-		//* mysql-virtual_policy_greylist.cf
-		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
-
-		//* mysql-virtual_gids.cf.master
-		$this->process_postfix_config('mysql-virtual_gids.cf');
-
-		//* mysql-virtual_uids.cf
-		$this->process_postfix_config('mysql-virtual_uids.cf');
-
-		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
-
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
-
-		//* Changing mode and group of the new created config files.
-		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
-			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
-		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
-			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
-
-		//* Creating virtual mail user and group
-		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
-		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
-		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
-		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
-		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
-		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
-		unset($server_ini_rec);
-
-		//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
-		$rbl_list = '';
-		if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
-			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
-			foreach ($rbl_hosts as $key => $value) {
-				$rbl_list .= ", reject_rbl_client ". $value;
-			}
-		}
-		unset($rbl_hosts);
-		
-		//* If Postgrey is installed, configure it
-		$greylisting = '';
-		if($conf['postgrey']['installed'] == true) {
-			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
-		}
-		
-		$reject_sender_login_mismatch = '';
-		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
-		}
-		unset($server_ini_array);
-		
-		$postconf_placeholders = array('{config_dir}' => $config_dir,
-			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
-			'{vmail_userid}' => $cf['vmail_userid'],
-			'{vmail_groupid}' => $cf['vmail_groupid'],
-			'{rbl_list}' => $rbl_list,
-			'{greylisting}' => $greylisting,
-			'{reject_slm}' => $reject_sender_login_mismatch,
-		);
-		
-		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
-		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
-		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
-
-		//* These postconf commands will be executed on installation only
-		if($this->is_update == false) {
-			$postconf_commands = array_merge($postconf_commands, array(
-					'myhostname = '.$conf['hostname'],
-					'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
-					'mynetworks = 127.0.0.0/8 [::1]/128'
-				));
-		}
-
-		//* Create the header and body check files
-		touch($config_dir.'/header_checks');
-		touch($config_dir.'/mime_header_checks');
-		touch($config_dir.'/nested_header_checks');
-		touch($config_dir.'/body_checks');
-
-		//* Create the mailman files
-		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
-		//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
-		if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
-		if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
-		if(!is_dir('/etc/mailman')) mkdir('/etc/mailman');
-		if(!is_file('/etc/mailman/aliases')) touch('/etc/mailman/aliases');
-		exec('postalias /var/lib/mailman/data/aliases');
-		if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
-		exec('postmap /etc/mailman/virtual-mailman');
-		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
-		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
-
-		//* Create auxillary postfix conf files
-		$configfile = 'helo_access';
-		if(is_file($config_dir.'/'.$configfile)) {
-			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
-			chmod($config_dir.'/'.$configfile.'~', 0400);
-		}
-		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
-		$content = strtr($content, $postconf_placeholders);
-		# todo: look up this server's ip addrs and loop through each
-		# todo: look up domains hosted on this server and loop through each
-		wf($config_dir.'/'.$configfile, $content);
-
-		$configfile = 'blacklist_helo';
-		if(is_file($config_dir.'/'.$configfile)) {
-			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
-			chmod($config_dir.'/'.$configfile.'~', 0400);
-		}
-		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
-		$content = strtr($content, $postconf_placeholders);
-		wf($config_dir.'/'.$configfile, $content);
 
-		//* Make a backup copy of the main.cf file
-		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
-
-		//* Executing the postconf commands
-		foreach($postconf_commands as $cmd) {
-			$command = "postconf -e '$cmd'";
-			caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
-		}
-
-		if(!stristr($options, 'dont-create-certs')) {
-			//* Create the SSL certificate
-			if(AUTOINSTALL){
-				$command = 'cd '.$config_dir.'; '
-					."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
-			} else {
-				$command = 'cd '.$config_dir.'; '
-					.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
-			}
-			exec($command);
-
-			$command = 'chmod o= '.$config_dir.'/smtpd.key';
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
-		}
-
-		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
-		$command = 'chmod 755 /var/spool/authdaemon';
-		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
-
-		//* Changing maildrop lines in posfix master.cf
-		if(is_file($config_dir.'/master.cf')){
-			copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
-		}
-		if(is_file($config_dir.'/master.cf~')){
-			exec('chmod 400 '.$config_dir.'/master.cf~');
-		}
-		$configfile = $config_dir.'/master.cf';
-		$content = rf($configfile);
-		// if postfix package is from fedora or centios main repo
-		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
-			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
-			$content);
-
-		// If postfix package is from centos plus repo
-		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
-			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
-			$content);
-
-		$content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
-			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
-			$content);
-
-
-		$content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
-			'maildrop  unix  -       n       n       -       -       pipe',
-			$content);
-
-		wf($configfile, $content);
-
-		//* Writing the Maildrop mailfilter file
-		$configfile = 'mailfilter';
-		if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
-			copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
+			swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
 		}
-		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
-		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
-		wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
-
-		//* Create the directory for the custom mailfilters
-		$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
-		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
-		//* Chmod and chown the .mailfilter file
-		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
-		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
-		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
-		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
 	}
 
 	public function configure_saslauthd() {
@@ -368,13 +118,18 @@ class installer_dist extends installer_base {
 		$virtual_transport = 'dovecot';
 
 		$configure_lmtp = false;
-		
+
+		// use lmtp if installed
+		if($configure_lmtp = (is_file('/usr/lib/dovecot/lmtp') || is_file('/usr/libexec/dovecot/lmtp'))) {
+			$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
+		}
+
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
 			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
-			
+
 			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
 				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
 				$configure_lmtp = true;
@@ -389,7 +144,7 @@ class installer_dist extends installer_base {
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
-			if(is_file($config_dir.'/master.cf~')){
+			if(is_file($config_dir.'/master.cf~2')){
 				chmod($config_dir.'/master.cf~2', 0400);
 			}
 			//* Configure master.cf and add a line for deliver
@@ -401,7 +156,6 @@ class installer_dist extends installer_base {
 		}
 
 		//* Reconfigure postfix to use dovecot authentication
-		// Adding the amavisd commands to the postfix configuration
 		$postconf_commands = array (
 			'dovecot_destination_recipient_limit = 1',
 			'virtual_transport = '.$virtual_transport,
@@ -443,6 +197,45 @@ class installer_dist extends installer_base {
 			if(version_compare($dovecot_version,2.1) < 0) {
 				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
 			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
+			if(version_compare($dovecot_version,2.3) >= 0) {
+				// Remove deprecated setting(s)
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+
+				// Check if we have a dhparams file and if not, create it
+				if(!file_exists('/etc/dovecot/dh.pem')) {
+					swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
+						// convert existing ssl parameters file
+						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					} else {
+						/*
+						   Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						   a 4096 bit file, create it manually before you install ISPConfig
+						*/
+						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					}
+				}
+				//remove #2.3+ comment
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('#2.3+','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+
+			} else {
+				// remove settings which are not supported in Dovecot < 2.3
+				removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
+				removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
+			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 		} else {
@@ -464,7 +257,7 @@ class installer_dist extends installer_base {
 			copy("$config_dir/$configfile", "$config_dir/$configfile~");
 			exec("chmod 400 $config_dir/$configfile~");
 		}
-		
+
 		if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
 
 		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
@@ -482,7 +275,7 @@ class installer_dist extends installer_base {
 
 		exec("chmod 600 $config_dir/$configfile");
 		exec("chown root:root $config_dir/$configfile");
-		
+
 		// Dovecot shall ignore mounts in website directory
 		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
 
@@ -502,13 +295,21 @@ class installer_dist extends installer_base {
 		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
-		
+
+		if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
+			touch($conf['amavis']['config_dir'].'/60-dkim');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
+		}
+
 		// for CentOS 7.2 only
 		if($dist['confid'] == 'centos72') {
 			chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
 			chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
+			chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
 		}
 
 
@@ -529,31 +330,28 @@ class installer_dist extends installer_base {
 
 		$config_dir = $conf['postfix']['config_dir'];
 
-		// Adding amavis-services to the master.cf file if the service does not already exists
-		$add_amavis = !$this->get_postfix_service('amavis','unix');
-		$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
-		$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
-
-		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
-			//* backup master.cf
-			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
-			// adjust amavis-config
-			if($add_amavis) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10025) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10027) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-		}
+		// Adding amavis-services to the master.cf file
+
+		// backup master.cf
+		if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
+
+		// first remove the old service definitions
+		$this->remove_postfix_service('amavis','unix');
+		$this->remove_postfix_service('127.0.0.1:10025','inet');
+		$this->remove_postfix_service('127.0.0.1:10027','inet');
+
+		// then add them back
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
 
 		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
 		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
@@ -706,10 +504,16 @@ class installer_dist extends installer_base {
 
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
-		
+
+		if($this->is_update == true) {
+			$tpl->setVar('logging',get_logging_state());
+		} else {
+			$tpl->setVar('logging','yes');
+		}
+
 		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
-		
+
 		if(is_array($records) && count($records) > 0) {
 			foreach($records as $rec) {
 				if($rec['ip_type'] == 'IPv6') {
@@ -728,7 +532,7 @@ class installer_dist extends installer_base {
 				}
 			}
 		}
-		
+
 		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
 
 		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
@@ -791,6 +595,17 @@ class installer_dist extends installer_base {
 		//* add a sshusers group
 		$command = 'groupadd sshusers';
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+		// add anonymized log option to nginxx.conf file
+		$nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
+		if(is_file($nginx_conf_file)) {
+			$tmp = file_get_contents($nginx_conf_file);
+			if(!stristr($tmp, 'log_format anonymized')) {
+				copy($nginx_conf_file,$nginx_conf_file.'~');
+				replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
+			}
+		}
+
 	}
 
 	public function configure_bastille_firewall()
@@ -883,31 +698,20 @@ class installer_dist extends installer_base {
 		//* copy the ISPConfig server part
 		$command = "cp -rf ../server $install_dir";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Make a backup of the security settings
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
-		
+
 		//* copy the ISPConfig security part
 		$command = 'cp -rf ../security '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
-		//* Apply changed security_settings.ini values to new security_settings.ini file
-		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
-			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
-			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
-			if(is_array($security_settings_new) && is_array($security_settings_old)) {
-				foreach($security_settings_new as $section => $sval) {
-					if(is_array($sval)) {
-						foreach($sval as $key => $val) {
-							if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
-								$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
-							}
-						}
-					}
-				}
-				file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
-			}
+
+		$configfile = 'security_settings.ini';
+		if(is_file($install_dir.'/security/'.$configfile)) {
+			copy($install_dir.'/security/'.$configfile, $install_dir.'/security/'.$configfile.'~');
 		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		wf($install_dir.'/security/'.$configfile, $content);
 
 		//* Create a symlink, so ISPConfig is accessible via web
 		// Replaced by a separate vhost definition for port 8080
@@ -1048,15 +852,19 @@ class installer_dist extends installer_base {
 		//* chown the interface files to the ispconfig user and group
 		$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
+		//* chown the extensions directory to the ispconfig user and group
+		$command = 'chown ispconfig:ispconfig '.$install_dir.'/extensions';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 		//* chown the server files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/server';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security directory and security_settings.ini to root:ispconfig
 		$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
@@ -1068,6 +876,8 @@ class installer_dist extends installer_base {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1109,12 +919,12 @@ class installer_dist extends installer_base {
 			exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
 			exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
 		}
-		
+
 		if(is_dir($install_dir.'/interface/invoices')) {
 			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 		}
-		
+
 		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
@@ -1141,6 +951,11 @@ class installer_dist extends installer_base {
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
+			$this->db->query($sql, $this->crypt_password($conf['interface_password']));
+		}
+
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
 			// TODO: These are missing! should they be "vhost_dist_*_dir" ?
@@ -1169,7 +984,7 @@ class installer_dist extends installer_base {
 			} else {
 				$tpl->setVar('ssl_bundle_comment','#');
 			}
-			
+
 			$tpl->setVar('apache_version',getapacheversion());
 
 			wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
@@ -1182,24 +997,16 @@ class installer_dist extends installer_base {
 				exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
 			}
 
-			/*
-				exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
-				exec('cp tpl/apache_ispconfig_fcgi_starter.master /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
-				exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
-				exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
-				exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
-
-				replaceLine('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter','PHPRC=','PHPRC=/etc/',0,0);
-				*/
-			//if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
 			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
 			$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
 			$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
 			if(!is_dir('/var/www/php-fcgi-scripts/ispconfig')) exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
+			$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', false);
 			wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
 			exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
 			if(!is_link('/var/www/ispconfig')) exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
 			exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
+			$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', true);
 			//}
 			//}
 		}
@@ -1214,11 +1021,11 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
 
 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}
@@ -1273,6 +1080,12 @@ class installer_dist extends installer_base {
 		if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
 		if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
 
+		// Install ISPConfig cli command
+		if(is_file('/usr/local/bin/ispc')) unlink('/usr/local/bin/ispc');
+		chown($install_dir.'/server/cli/ispc', 'root');
+		chmod($install_dir.'/server/cli/ispc', 0700);
+		symlink($install_dir.'/server/cli/ispc', '/usr/local/bin/ispc');
+
 		// set the fast cgi starter script to executable
 		// exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
 
@@ -1290,6 +1103,7 @@ class installer_dist extends installer_base {
 		//* Create the ispconfig log directory
 		if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
 		if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
+		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
 
 		if(is_user('getmail')) {
 			exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
@@ -1314,10 +1128,10 @@ class installer_dist extends installer_base {
 
 		//* Remove Domain module as its functions are available in the client module now
 		if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
-		
+
 		// Add symlink for patch tool
 		if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-		
+
 		// Change mode of a few files from amavisd
 		if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);

install/dist/lib/fedora32.lib.php

+<?php
+
+/*
+Copyright (c) 2014, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once realpath(dirname(__FILE__)) . '/centos_base.lib.php';
+
+class installer extends installer_centos {
+
+	protected $clamav_socket = '/var/run/clamd.amavisd/clamd.sock';
+	
+	// everything else is inherited from installer_centos class
+}
+
+?>

install/dist/lib/fedora33.lib.php

+<?php
+
+/*
+Copyright (c) 2014, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once realpath(dirname(__FILE__)) . '/centos_base.lib.php';
+
+class installer extends installer_centos {
+
+	protected $clamav_socket = '/var/run/clamd.amavisd/clamd.sock';
+	
+	// everything else is inherited from installer_centos class
+}
+
+?>

install/dist/lib/gentoo.lib.php

@@ -47,8 +47,7 @@ class installer extends installer_base
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_postfix($options = '')
-	{
+	public function configure_postfix($options = '') {
 		global $conf,$autoinstall;
 
 		$cf = $conf['postfix'];
@@ -57,35 +56,61 @@ class installer extends installer_base
 		if(!is_dir($config_dir)){
 			$this->error("The postfix configuration directory '$config_dir' does not exist.");
 		}
+    
+    //* Get postfix version
+		exec('postconf -d mail_version 2>&1', $out);
+		$postfix_version = preg_replace('/.*=\s*/', '', $out[0]);
+		unset($out);
 
 		//* Install virtual mappings
 		foreach (glob('tpl/mysql-virtual_*.master') as $filename) {
 			$this->process_postfix_config( basename($filename, '.master') );
 		}
 
+		//* mysql-verify_recipients.cf
+		$this->process_postfix_config('mysql-verify_recipients.cf');
+    
+    // test if lmtp if available
+		$configure_lmtp = $this->get_postfix_service('lmtp','unix');
+
+		//* postfix-dkim
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		if($configure_lmtp) {
+			$content = preg_replace('/amavis:/', 'lmtp:', $content);
+		}
+		wf($full_file_name, $content);
+    
+    $filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		if($configure_lmtp) {
+			$content = preg_replace('/amavis:/', 'lmtp:', $content);
+		}
+		wf($full_file_name, $content);    
+    
 		//* Changing mode and group of the new created config files.
-		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
+		/*caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
 			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
 		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
-			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
+			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');*/
 
 		//* Creating virtual mail user and group
 		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
-		if (!is_group($cf['vmail_groupname'])) {
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		}
+		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
-		if (!is_user($cf['vmail_username'])) {
-			caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		}
+		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* These postconf commands will be executed on installation and update
 		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].'.server', $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
-		//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
+    //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
 		$rbl_list = '';
 		if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
 			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
@@ -100,13 +125,31 @@ class installer extends installer_base
 		if($conf['postgrey']['installed'] == true) {
 			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 		}
-		
+
 		$reject_sender_login_mismatch = '';
+		$reject_authenticated_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+      $reject_sender_login_mismatch = ',reject_sender_login_mismatch,';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
+		}
+
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive} ';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
+		$reject_unknown_client_hostname='';
+		if (isset($server_ini_array['mail']['reject_unknown']) && ($server_ini_array['mail']['reject_unknown'] == 'client' || $server_ini_array['mail']['reject_unknown'] == 'client_helo')) {
+			$reject_unknown_client_hostname=',reject_unknown_client_hostname';
 		}
+		$reject_unknown_helo_hostname='';
+		if ((!isset($server_ini_array['mail']['reject_unknown'])) || $server_ini_array['mail']['reject_unknown'] == 'helo' || $server_ini_array['mail']['reject_unknown'] == 'client_helo') {
+			$reject_unknown_helo_hostname=',reject_unknown_helo_hostname';
+		}
+
 		unset($server_ini_array);
-		
+
+		$myhostname = str_replace('.','\.',$conf['hostname']);
+
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
@@ -114,12 +157,52 @@ class installer extends installer_base
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			'{myhostname}' => $myhostname,
+			$stress_adaptive_placeholder => $stress_adaptive,
+			'{reject_unknown_client_hostname}' => $reject_unknown_client_hostname,
+			'{reject_unknown_helo_hostname}' => $reject_unknown_helo_hostname,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_postfix.conf.master', 'tpl/gentoo_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
 		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
-
+        
+    //* Merge version-specific postfix config
+		if(version_compare($postfix_version , '2.5', '>=')) {
+		    $configfile = 'postfix_2-5.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '2.10', '>=')) {
+		    $configfile = 'postfix_2-10.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '3.0', '>=')) {
+		    $configfile = 'postfix_3-0.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '3.3', '>=')) {
+		    $configfile = 'postfix_3-3.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		$configfile = 'postfix_custom.conf';
+		if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/' . $configfile . '.master')) {
+			$content = file_get_contents($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master');
+			$content = strtr($content, $postconf_placeholders);
+			$postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+
+		// Remove comment lines, these would give fatal errors when passed to postconf.
+		$postconf_commands = array_filter($postconf_commands, function($line) { return preg_match('/^[^#]/', $line); });
+    
 		//* These postconf commands will be executed on installation only
 		if($this->is_update == false) {
 			$postconf_commands = array_merge($postconf_commands, array(
@@ -134,6 +217,16 @@ class installer extends installer_base
 		touch($config_dir.'/mime_header_checks');
 		touch($config_dir.'/nested_header_checks');
 		touch($config_dir.'/body_checks');
+		touch($config_dir.'/sasl_passwd');
+    
+    //* Create the mailman files
+		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
+		if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
+		exec('postalias /var/lib/mailman/data/aliases');
+		if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
+		exec('postmap /var/lib/mailman/data/virtual-mailman');
+		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
+		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
 
 		//* Create auxillary postfix conf files
 		$configfile = 'helo_access';
@@ -162,13 +255,13 @@ class installer extends installer_base
 		//* Executing the postconf commands
 		foreach($postconf_commands as $cmd) {
 			$command = "postconf -e '$cmd'";
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
+      swriteln($command);
+      caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
 		}
-
-		//* Create the SSL certificate
-		if (!stristr($options, 'dont-create-certs'))
-		{
-			if(AUTOINSTALL){
+		
+		if (!stristr($options, 'dont-create-certs')){
+			//* Create the SSL certificate
+      if(AUTOINSTALL){
 				$command = 'cd '.$config_dir.'; '
 					."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
 			} else {
@@ -181,58 +274,59 @@ class installer extends installer_base
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
 		}
 
-		//* We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
-		$command = 'chmod 755  /var/lib/courier/authdaemon/';
-		if (is_dir('/var/lib/courier/authdaemon')) {
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
-		}
+		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
+		$command = 'chmod 755  /var/run/courier/authdaemon/';
+		if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
 
-		//* Changing maildrop lines in posfix master.cf
+		//* Check maildrop service in posfix master.cf
+		$quoted_regex = '^maildrop   unix.*pipe flags=DRhu user=vmail '.preg_quote('argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}', '/');
 		$configfile = $config_dir.'/master.cf';
-		$content = rf($configfile);
-
-		$content = preg_replace('/^#?maildrop/m', 'maildrop', $content);
-		$content = preg_replace('/^#?(\s+)flags=DRhu user=vmail argv=\/usr\/bin\/maildrop -d/m',
-			'$1flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail \${extension} \${recipient} \${user} \${nexthop} \${sender}',
-			$content);
-
-		$this->write_config_file($configfile, $content);
-
-		//* Writing the Maildrop mailfilter file
-		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailfilter.master', 'tpl/mailfilter.master');
+		if($this->get_postfix_service('maildrop', 'unix')) {
+			exec ("postconf -M maildrop.unix 2> /dev/null", $out, $ret);
+			$change_maildrop_flags = @(preg_match("/$quoted_regex/", $out[0]) && $out[0] !='')?false:true;
+		} else {
+			$change_maildrop_flags = @(preg_match("/$quoted_regex/", $configfile))?false:true;
+		}
+		if ($change_maildrop_flags) {
+			//* Change maildrop service in posfix master.cf
+			if(is_file($config_dir.'/master.cf')) {
+				copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
+			}
+			if(is_file($config_dir.'/master.cf~')) {
+				chmod($config_dir.'/master.cf~', 0400);
+ 			}
+			$configfile = $config_dir.'/master.cf';
+			$content = rf($configfile);
+			$content =	str_replace('flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
+						'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
+						$content);
+			wf($configfile, $content);
+		}
+    
+    //* Writing the Maildrop mailfilter file
+		$configfile = 'mailfilter';
+		if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)) {
+			copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
 		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
-
-		$this->write_config_file($cf['vmail_mailbox_base'].'/.mailfilter', $content);
+		wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);     
 
 		//* Create the directory for the custom mailfilters
-		if (!is_dir($cf['vmail_mailbox_base'].'/mailfilters'))
-		{
+		if(!is_dir($cf['vmail_mailbox_base'].'/mailfilters')) {
 			$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		}
-
-		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		$this->write_config_file($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
-
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		$this->write_config_file($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		}	
 
 		//* Chmod and chown the .mailfilter file
-		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
+		$command = 'chown '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
 		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
-		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
+		$command = 'chmod 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
 		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 	}
-
+  
 	public function configure_saslauthd()
 	{
 		global $conf;
@@ -270,20 +364,24 @@ class installer extends installer_base
 		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_dovecot()
-	{
+	public function configure_dovecot() {
 		global $conf;
 
 		$virtual_transport = 'dovecot';
 
 		$configure_lmtp = false;
-		
+
+		// use lmtp if installed
+		if($configure_lmtp = (is_file('/usr/lib/dovecot/lmtp') || is_file('/usr/libexec/dovecot/lmtp'))) {
+			$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
+		}
+
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
-			
+
 			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
 				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
 				$configure_lmtp = true;
@@ -291,25 +389,29 @@ class installer extends installer_base
 		}
 
 		$config_dir = $conf['postfix']['config_dir'];
+		$quoted_config_dir = preg_quote($config_dir, '|');
+		$postfix_version = `postconf -d mail_version 2>/dev/null`;
+		$postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version );
 
 		//* Configure master.cf and add a line for deliver
 		if(!$this->get_postfix_service('dovecot', 'unix')) {
-			//* backup
+ 			//* backup
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
-			if(is_file($config_dir.'/master.cf~')){
+			if(is_file($config_dir.'/master.cf~2')){
 				chmod($config_dir.'/master.cf~2', 0400);
 			}
 			//* Configure master.cf and add a line for deliver
-			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$content = rf($config_dir.'/master.cf');
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
 			af($config_dir.'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
 		}
 
 		//* Reconfigure postfix to use dovecot authentication
+		// Adding the amavisd commands to the postfix configuration
 		$postconf_commands = array (
 			'dovecot_destination_recipient_limit = 1',
 			'virtual_transport = '.$virtual_transport,
@@ -317,35 +419,163 @@ class installer extends installer_base
 			'smtpd_sasl_path = private/auth'
 		);
 
-		//* Make a backup copy of the main.cf file
-		copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3');
+		// Make a backup copy of the main.cf file
+		copy($config_dir.'/main.cf', $config_dir.'/main.cf~3');
 
-		//* Executing the postconf commands
-		foreach($postconf_commands as $cmd)
-		{
+		$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+		$new_options = array();
+		foreach ($options as $value) {
+			$value = trim($value);
+			if ($value == '') continue;
+      if (preg_match("|check_recipient_access\s+proxy:mysql:{$quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+				continue;
+			}
+			$new_options[] = $value;
+		}
+    if ($configure_lmtp && (!isset($conf['mail']['content_filter']) || $conf['mail']['content_filter'] === 'amavisd')) {
+			for ($i = 0; isset($new_options[$i]); $i++) {
+				if ($new_options[$i] == 'reject_unlisted_recipient') {
+          array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:{$config_dir}/mysql-verify_recipients.cf"));
+					break;
+				}
+			}
+			# postfix < 3.3 needs this when using reject_unverified_recipient:
+			if(version_compare($postfix_version, 3.3, '<')) {
+				$postconf_commands[] = "enable_original_recipient = yes";
+			}
+		}
+		$postconf_commands[] = "smtpd_recipient_restrictions = ".implode(", ", $new_options);
+
+		// Executing the postconf commands
+		foreach($postconf_commands as $cmd) {
 			$command = "postconf -e '$cmd'";
-			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		}
 
+		//* backup dovecot.conf
 		$config_dir = $conf['dovecot']['config_dir'];
-		//* copy dovecot.conf
-		$configfile = $config_dir.'/dovecot.conf';
-		$content = $this->get_template_file('dovecot.conf', true);
-		$this->write_config_file($configfile, $content);
+		$configfile = 'dovecot.conf';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+		}
+
+		//* Get the dovecot version
+		exec('dovecot --version', $tmp);
+		$dovecot_version = $tmp[0];
+		unset($tmp);
+
+		//* Copy dovecot configuration file
+		if(version_compare($dovecot_version,1, '<=')) {	//* Dovecot 1.x
+			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_dovecot.conf.master')) {
+				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_dovecot.conf.master', $config_dir.'/'.$configfile);
+			} else {
+				copy('dist/tpl/gentoo/dovecot.conf.master', $config_dir.'/'.$configfile);
+			}
+		} else {	//* Dovecot 2.x
+			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_dovecot2.conf.master')) {
+				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_dovecot2.conf.master', $config_dir.'/'.$configfile);
+			} else {
+				copy('dist/tpl/gentoo/dovecot2.conf.master', $config_dir.'/'.$configfile);
+			}
+			// Copy custom config file
+			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/dovecot_custom.conf.master')) {
+				if(!@is_dir($config_dir . '/conf.d')) {
+					mkdir($config_dir . '/conf.d');
+				}
+				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/dovecot_custom.conf.master', $config_dir.'/conf.d/99-ispconfig-custom-config.conf');
+			}
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			if(version_compare($dovecot_version, 2.1, '<')) {
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
+			if(version_compare($dovecot_version,2.3) >= 0) {
+				// Remove deprecated setting(s)
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+
+				// Check if we have a dhparams file and if not, create it
+				if(!file_exists('/etc/dovecot/dh.pem')) {
+					// Create symlink to ISPConfig dhparam file
+					swriteln('Creating symlink /etc/dovecot/dh.pem to ISPConfig DHParam file.');
+					symlink('/usr/local/ispconfig/interface/ssl/dhparam4096.pem', '/etc/dovecot/dh.pem');
+          
+          /*
+          swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
+						// convert existing ssl parameters file
+						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					} else {
+						
+						   //Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   //on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						  // a 4096 bit file, create it manually before you install ISPConfig
+						
+						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					}
+          */
+				}
+				//remove #2.3+ comment
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('#2.3+ ','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+
+			} else {
+				// remove settings which are not supported in Dovecot < 2.3
+				removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
+				removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
+			}
+		}
+
+		$dovecot_protocols = 'imap pop3';
 
 		//* dovecot-lmtpd
 		if($configure_lmtp) {
-			replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
+			$dovecot_protocols .= ' lmtp';
 		}
 
+		//* dovecot-managesieved
+		if(is_file('/usr/lib/dovecot/managesieve') || is_file('/usr/libexec/dovecot/managesieve')) {
+			$dovecot_protocols .= ' sieve';
+		}
+
+		replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', "protocols = $dovecot_protocols", 1, 0);
+
 		//* dovecot-sql.conf
-		$configfile = $config_dir.'/dovecot-sql.conf';
-		$content = $this->get_template_file('debian_dovecot-sql.conf', true, true);
+		$configfile = 'dovecot-sql.conf';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+		}
+		if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot-sql.conf.master', 'tpl/debian_dovecot-sql.conf.master');
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
+		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
+		$content = str_replace('{server_id}', $conf['server_id'], $content);
 		# enable iterate_query for dovecot2
 		if(version_compare($dovecot_version,2, '>=')) {
 			$content = str_replace('# iterate_query', 'iterate_query', $content);
 		}
-		$this->write_config_file($configfile, $content);
+		wf($config_dir.'/'.$configfile, $content);
+
+		chmod($config_dir.'/'.$configfile, 0600);
+		chown($config_dir.'/'.$configfile, 'root');
+		chgrp($config_dir.'/'.$configfile, 'root');
+
+		// Dovecot shall ignore mounts in website directory
+		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
+
 	}
 
 	public function configure_spamassassin()
@@ -411,31 +641,28 @@ class installer extends installer_base
 
 		$config_dir = $conf['postfix']['config_dir'];
 
-		// Adding amavis-services to the master.cf file if the service does not already exists
-		$add_amavis = !$this->get_postfix_service('amavis','unix');
-		$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
-		$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
-
-		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
-			//* backup master.cf
-			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
-			// adjust amavis-config
-			if($add_amavis) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10025) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10027) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-		}
+		// Adding amavis-services to the master.cf file
+
+		// backup master.cf
+		if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
+
+		// first remove the old service definitions
+		$this->remove_postfix_service('amavis','unix');
+		$this->remove_postfix_service('127.0.0.1:10025','inet');
+		$this->remove_postfix_service('127.0.0.1:10027','inet');
+
+		// then add them back
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
 
 		//* Add the clamav user to the amavis group
 		exec('usermod -a -G amavis clamav');
@@ -476,9 +703,45 @@ class installer extends installer_base
 		 */
 
 
-		$content = preg_replace('/MISC_OTHER="[^"]+"/', 'MISC_OTHER="-b -A -E -Z -D -H -O clf:'.$logdir.'/transfer.log"', $content);
+		 //* Enable TLS if certificate file exists
+		 $enable_tls = '';
+		 if(file_exists('/etc/ssl/private/pure-ftpd.pem')) {
+			 $enable_tls = ' -Y 1';
+		 }
+
+		 $content = preg_replace('/MISC_OTHER="[^"]+"/', 'MISC_OTHER="-b -A -E -Z -D -H -O clf:'.$logdir.'/transfer.log'.$enable_tls.'"', $content);
 
 		$this->write_config_file($conf['pureftpd']['config_file'], $content);
+    
+    //* Since version 1.0.50: Configuration through /etc/conf.d/pure-ftpd is now deprecated!    
+    exec("/usr/sbin/pure-ftpd --help | head -1",$out);
+    if(preg_match("#v([0-9\.]+)\s#",$out[0],$matches)){
+      $pureftpd_version = $matches[1];
+      
+      if(version_compare($pureftpd_version, '1.0.50', '>=')) { 
+        $configfile = $conf['pureftpd']['main_config_file'];
+    		if(is_file($configfile)) {
+    			copy($configfile, $configfile.'~');
+    		}
+    		
+        $content = rf($configfile);
+        $content = preg_replace('/BrokenClientsCompatibility\s+(yes|no)/', 'BrokenClientsCompatibility   yes', $content);
+        $content = preg_replace('/ChrootEveryone\s+(yes|no)/', 'ChrootEveryone               yes', $content);
+        $content = preg_replace('/NoAnonymous\s+(yes|no)/', 'NoAnonymous                  yes', $content);
+        $content = preg_replace('/#? AltLog\s+clf.*\s/', 'AltLog                       clf:/var/log/pureftpd.log', $content);
+        $content = preg_replace('/CustomerProof\s+(yes|no)/', 'CustomerProof                yes', $content);
+        $content = preg_replace('/DisplayDotFiles\s+(yes|no)/', 'DisplayDotFiles              yes', $content);
+        $content = preg_replace('/DontResolve\s+(yes|no)/', 'DontResolve                  yes', $content);
+        $content = preg_replace('/#? MySQLConfigFile\s+\/.*\s/', 'MySQLConfigFile              ' . $conf['pureftpd']['mysql_config_file'], $content);
+        
+        if(file_exists('/etc/ssl/private/pure-ftpd.pem')) {
+          $content = preg_replace('/(#?) TLS\s+(0|1)/', 'TLS                          1', $content);
+        }
+        
+        wf($configfile, $content);
+      }
+    }
+    
 	}
 
 	public function configure_powerdns()
@@ -498,10 +761,10 @@ class installer extends installer_base
 
 		//* load the powerdns databse dump
 		if($conf['mysql']['admin_password'] == '') {
-			caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
+			caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' --force '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
 				__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
 		} else {
-			caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
+			caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' --force '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
 				__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
 		}
 
@@ -601,10 +864,16 @@ class installer extends installer_base
 		//* Copy the ISPConfig configuration include
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
-		
+
+		if($this->is_update == true) {
+			$tpl->setVar('logging',get_logging_state());
+		} else {
+			$tpl->setVar('logging','yes');
+		}
+
 		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
-		
+
 		if(is_array($records) && count($records) > 0) {
 			foreach($records as $rec) {
 				if($rec['ip_type'] == 'IPv6') {
@@ -623,7 +892,7 @@ class installer extends installer_base
 				}
 			}
 		}
-		
+
 		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
 
 		wf($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $tpl->grab());
@@ -679,7 +948,8 @@ class installer extends installer_base
 				caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 			}
 
-			$command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group;
+			//$command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group;
+      $command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['apache']['user'];
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 			if(!@is_dir($install_dir)){
@@ -720,10 +990,11 @@ class installer extends installer_base
 			$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
 			mkdir($conf['web']['website_basedir'].'/php-fcgi-scripts/apps', 0755, true);
 			//copy('tpl/apache_apps_fcgi_starter.master',$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');
+			$this->set_immutable($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter', false);
 			wf($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter', $content);
 			exec('chmod +x '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');
 			exec('chown -R ispapps:ispapps '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps');
-
+			$this->set_immutable($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter', true);
 			//}
 		}
 		if($conf['nginx']['installed'] == true){
@@ -738,7 +1009,8 @@ class installer extends installer_base
 			if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 
-			$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
+			//$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
+      $command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['nginx']['user'];
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 			if(!@is_dir($install_dir)){
@@ -776,11 +1048,11 @@ class installer extends installer_base
 			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
 			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
 			$content = str_replace('{cgi_socket}', $cgi_socket, $content);
-			
+
 			// SSL in apps vhost is off by default. Might change later.
-			$content = str_replace('{ssl_on}', 'off', $content);
+			$content = str_replace('{ssl_on}', 'ssl', $content);
 			$content = str_replace('{ssl_comment}', '#', $content);
-			
+
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 
 			// PHP-FPM
@@ -802,70 +1074,78 @@ class installer extends installer_base
 
 		}
 	}
+  
+  public function get_host_ips() {
+		$out = array();
+		exec("ip addr show | awk '/global/ { print $2 }' | cut -d '/' -f 1", $ret, $val);
+		if($val == 0) {
+			if(is_array($ret) && !empty($ret)){				
+				foreach($ret as $ip) {
+					$ip = trim($ip);
+          $out[] = $ip;
+				}
+			}
+		}
 
-	public function install_ispconfig()
-	{
+		return $out;
+	}
+  
+	public function install_ispconfig() {
 		global $conf;
 
 		$install_dir = $conf['ispconfig_install_dir'];
 
 		//* Create the ISPConfig installation directory
-		if(!is_dir($install_dir))
-		{
+		if(!@is_dir($install_dir)) {
 			$command = "mkdir $install_dir";
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		}
 
 		//* Create a ISPConfig user and group
-		if (!is_group('ispconfig'))
-		{
-			$command = 'groupadd ispconfig';
-			caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		}
+		$command = 'groupadd ispconfig';
+		if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
-		if (!is_user('ispconfig'))
-		{
-			$command = "useradd -g ispconfig -d $install_dir ispconfig";
-			caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		}
+		$command = 'useradd -g ispconfig -d '.$install_dir.' ispconfig';
+		if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* copy the ISPConfig interface part
-		$command = "cp -rf ../interface $install_dir";
+		$command = 'cp -rf ../interface '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* copy the ISPConfig server part
-		$command = "cp -rf ../server $install_dir";
+		$command = 'cp -rf ../server '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Make a backup of the security settings
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
-		
+
 		//* copy the ISPConfig security part
 		$command = 'cp -rf ../security '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
-		//* Apply changed security_settings.ini values to new security_settings.ini file
-		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
-			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
-			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
-			if(is_array($security_settings_new) && is_array($security_settings_old)) {
-				foreach($security_settings_new as $section => $sval) {
-					if(is_array($sval)) {
-						foreach($sval as $key => $val) {
-							if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
-								$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
-							}
-						}
-					}
-				}
-				file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
-			}
+
+		$configfile = 'security_settings.ini';
+		if(is_file($install_dir.'/security/'.$configfile)) {
+			copy($install_dir.'/security/'.$configfile, $install_dir.'/security/'.$configfile.'~');
 		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		wf($install_dir.'/security/'.$configfile, $content);
 
+		//* Create a symlink, so ISPConfig is accessible via web
+		// Replaced by a separate vhost definition for port 8080
+		// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
+		// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Create the config file for ISPConfig interface
 		$configfile = 'config.inc.php';
-		$content = $this->get_template_file($configfile, true, true); //* get contents & insert db cred
+		if(is_file($install_dir.'/interface/lib/'.$configfile)) {
+			copy($install_dir.'/interface/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
+		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
 
 		$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
 		$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
@@ -880,10 +1160,34 @@ class installer extends installer_base
 		$content = str_replace('{theme}', $conf['theme'], $content);
 		$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
 
-		$this->write_config_file("$install_dir/interface/lib/$configfile", $content);
+		wf($install_dir.'/interface/lib/'.$configfile, $content);
 
 		//* Create the config file for ISPConfig server
-		$this->write_config_file("$install_dir/server/lib/$configfile", $content);
+		$configfile = 'config.inc.php';
+		if(is_file($install_dir.'/server/lib/'.$configfile)) {
+			copy($install_dir.'/server/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
+		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
+
+		$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
+		$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
+		$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
+		$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
+		$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
+
+		$content = str_replace('{server_id}', $conf['server_id'], $content);
+		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
+		$content = str_replace('{language}', $conf['language'], $content);
+		$content = str_replace('{timezone}', $conf['timezone'], $content);
+		$content = str_replace('{theme}', $conf['theme'], $content);
+		$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
+
+		wf($install_dir.'/server/lib/'.$configfile, $content);
 
 		//* Create the config file for remote-actions (but only, if it does not exist, because
 		//  the value is a autoinc-value and so changed by the remoteaction_core_module
@@ -892,7 +1196,7 @@ class installer extends installer_base
 			wf($install_dir.'/server/lib/remote_action.inc.php', $content);
 		}
 
-		// Enable the server modules and plugins.
+		//* Enable the server modules and plugins.
 		// TODO: Implement a selector which modules and plugins shall be enabled.
 		$dir = $install_dir.'/server/mods-available/';
 		if (is_dir($dir)) {
@@ -934,10 +1238,12 @@ class installer extends installer_base
 						if(method_exists($tmp, 'onInstall') && $tmp->onInstall()) {
 							if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) {
 								@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
+								//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-enabled/'.$file);
 							}
 							if (strpos($file, '_core_plugin') !== false) {
 								if(!@is_link($install_dir.'/server/plugins-core/'.$file)) {
 									@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
+									//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-core/'.$file);
 								}
 							}
 						}
@@ -948,21 +1254,25 @@ class installer extends installer_base
 			}
 		}
 
-		//* Update the server config
+		// Update the server config
 		$mail_server_enabled = ($conf['services']['mail'])?1:0;
 		$web_server_enabled = ($conf['services']['web'])?1:0;
 		$dns_server_enabled = ($conf['services']['dns'])?1:0;
 		$file_server_enabled = ($conf['services']['file'])?1:0;
 		$db_server_enabled = ($conf['services']['db'])?1:0;
-		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
+		$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
+		$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
+		$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
+		$xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
 
-		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
+		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '$xmpp_server_enabled' WHERE server_id = ?";
 
-		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
+		$this->db->query($sql, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
+			$this->dbmaster->query($sql, $conf['server_id']);
 		}
 
+
 		// chown install dir to root and chmod 755
 		$command = 'chown root:root '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
@@ -976,15 +1286,23 @@ class installer extends installer_base
 		//* chown the interface files to the ispconfig user and group
 		$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
+		//* chown the extensions directory to the ispconfig user and group
+		$command = 'chown ispconfig:ispconfig '.$install_dir.'/extensions';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+		//* Chmod the files and directories in the acme dir
+		$command = 'chmod -R 755 '.$install_dir.'/interface/acme';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 		//* chown the server files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/server';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security directory and security_settings.ini to root:ispconfig
 		$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
@@ -996,14 +1314,14 @@ class installer extends installer_base
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
 
 		//* Make the temp directory for language file exports writable
-		if(is_dir($install_dir.'/interface/web/temp')) {
-			exec("chmod -R 770 $install_dir/interface/web/temp");
-		}
+		if(is_dir($install_dir.'/interface/web/temp')) exec("chmod -R 770 $install_dir/interface/web/temp");
 
 		//* Make all interface language file directories group writable
 		$handle = @opendir($install_dir.'/interface/web');
@@ -1049,7 +1367,7 @@ class installer extends installer_base
 			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 		}
-		
+
 		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
@@ -1059,15 +1377,15 @@ class installer extends installer_base
 			$command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 			if(is_group('ispapps')){
-				$command = 'usermod -a -G ispapps '.$conf['apache']['user'];
+        $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
 				caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 			}
 		}
 		if($conf['nginx']['installed'] == true){
-			$command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
+      $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
 			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 			if(is_group('ispapps')){
-				$command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
+        $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
 				caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 			}
 		}
@@ -1076,43 +1394,69 @@ class installer extends installer_base
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
+			$this->db->query($sql, $this->crypt_password($conf['interface_password']));
+		}
+
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
-			$content = $this->get_template_file("apache_ispconfig.vhost", true);
-			$content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content);
+			$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
+			//$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
 
-			//* comment out the listen directive if port is 80 or 443
-			if ($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
-				$content = str_replace('{vhost_port_listen}', '#', $content);
+			// Dont just copy over the virtualhost template but add some custom settings
+			$tpl = new tpl();
+  		if (file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/apache_ispconfig.vhost.master")) {
+  			$tpl->newTemplate($conf['ispconfig_install_dir']."/server/conf-custom/install/apache_ispconfig.vhost.master");
+  		} else {
+  			$tpl->newTemplate("dist/tpl/gentoo/apache_ispconfig.vhost.master");
+  		}
+			$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
+
+			// comment out the listen directive if port is 80 or 443
+			if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
+				$tpl->setVar('vhost_port_listen','#');
 			} else {
-				$content = str_replace('{vhost_port_listen}', '', $content);
+				$tpl->setVar('vhost_port_listen','');
 			}
 
 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_comment}', '', $content);
+				$tpl->setVar('ssl_comment','');
 			} else {
-				$content = str_replace('{ssl_comment}', '#', $content);
+				$tpl->setVar('ssl_comment','#');
 			}
 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
-				$content = str_replace('{ssl_bundle_comment}', '', $content);
+				$tpl->setVar('ssl_bundle_comment','');
 			} else {
-				$content = str_replace('{ssl_bundle_comment}', '#', $content);
+				$tpl->setVar('ssl_bundle_comment','#');
 			}
 
-			$vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
-			$this->write_config_file($vhost_path, $content);
-
-			if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
-				$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
-				$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
-				@mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true);
-				wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
-				exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
-				chmod('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', 0755);
-				@symlink($install_dir.'/interface/web', '/var/www/ispconfig');
-				exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
-			}
+			$tpl->setVar('apache_version',getapacheversion());
+
+			wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
+
+			//* and create the symlink
+			/*if($this->is_update == false) {
+				if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
+				if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
+					symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
+				}
+			}*/
+			//if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
+			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
+			$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
+			$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
+			@mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true);
+			$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', false);
+			wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
+			exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
+			@symlink($install_dir.'/interface/web', '/var/www/ispconfig');
+			exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
+			$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', true);
+			//}
+      
+      // unlink acme vhost symlink
+      if(is_link($vhost_conf_dir . '/999-acme.conf') && file_exists($vhost_conf_dir . '/acme.conf')) unlink($vhost_conf_dir . '/999-acme.conf');
 		}
 
 		if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
@@ -1125,11 +1469,11 @@ class installer extends installer_base
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
 
 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl http2', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}
@@ -1167,46 +1511,50 @@ class installer extends installer_base
 		}
 
 		//* Install the update script
-		if (is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) {
-			unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
-		}
-
+		if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
 		chown($install_dir.'/server/scripts/update_from_dev.sh', 'root');
 		chmod($install_dir.'/server/scripts/update_from_dev.sh', 0700);
-		chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
-		chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
+//		chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
+//		chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
 		chown($install_dir.'/server/scripts/ispconfig_update.sh', 'root');
 		chmod($install_dir.'/server/scripts/ispconfig_update.sh', 0700);
-
-		if (!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) {
-			symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');
-		}
-
-		if (!is_link('/usr/local/bin/ispconfig_update.sh')) {
-			symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update.sh');
-		}
+		if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');
+		if(!is_link('/usr/local/bin/ispconfig_update.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update.sh');
+
+		// Install ISPConfig cli command
+		if(is_file('/usr/local/bin/ispc')) unlink('/usr/local/bin/ispc');
+		chown($install_dir.'/server/cli/ispc', 'root');
+		chmod($install_dir.'/server/cli/ispc', 0700);
+		symlink($install_dir.'/server/cli/ispc', '/usr/local/bin/ispc');
+
+		// Make executable then unlink and symlink letsencrypt pre, post and renew hook scripts
+		chown($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', 'root');
+		chown($install_dir.'/server/scripts/letsencrypt_post_hook.sh', 'root');
+		chown($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', 'root');
+		chmod($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', 0700);
+		chmod($install_dir.'/server/scripts/letsencrypt_post_hook.sh', 0700);
+		chmod($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', 0700);
+		if(is_link('/usr/local/bin/letsencrypt_pre_hook.sh')) unlink('/usr/local/bin/letsencrypt_pre_hook.sh');
+		if(is_link('/usr/local/bin/letsencrypt_post_hook.sh')) unlink('/usr/local/bin/letsencrypt_post_hook.sh');
+		if(is_link('/usr/local/bin/letsencrypt_renew_hook.sh')) unlink('/usr/local/bin/letsencrypt_renew_hook.sh');
+		symlink($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', '/usr/local/bin/letsencrypt_pre_hook.sh');
+		symlink($install_dir.'/server/scripts/letsencrypt_post_hook.sh', '/usr/local/bin/letsencrypt_post_hook.sh');
+		symlink($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', '/usr/local/bin/letsencrypt_renew_hook.sh');
 
 		//* Make the logs readable for the ispconfig user
-		if (is_file('/var/log/maillog')) {
-			exec('chmod +r /var/log/maillog');
-		}
-		if (is_file('/var/log/messages')) {
-			exec('chmod +r /var/log/messages');
-		}
-		if (is_file('/var/log/clamav/clamav.log')) {
-			exec('chmod +r /var/log/clamav/clamav.log');
-		}
-		if (is_file('/var/log/clamav/freshclam.log')) {
-			exec('chmod +r /var/log/clamav/freshclam.log');
-		}
-
-		//* Create the ispconfig log directory
-		if (!is_dir($conf['ispconfig_log_dir'])) {
-			mkdir($conf['ispconfig_log_dir']);
-		}
-		if (!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) {
+		if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
+		if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
+		if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
+		if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
+		if(@is_file('/var/log/clamav/clamav.log')) exec('chmod +r /var/log/clamav/clamav.log');
+		if(@is_file('/var/log/clamav/freshclam.log')) exec('chmod +r /var/log/clamav/freshclam.log');
+
+		//* Create the ispconfig log file and directory
+		if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) {
+			if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir'], 0755);
 			touch($conf['ispconfig_log_dir'].'/ispconfig.log');
 		}
+		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
 
 		//* Create the ispconfig auth log file and set uid/gid
 		if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
@@ -1215,27 +1563,56 @@ class installer extends installer_base
 		exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
 		exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
 
-		rename($install_dir.'/server/scripts/run-getmail.sh', '/usr/local/bin/run-getmail.sh');
-
-		if (is_user('getmail')) {
-			chown('/usr/local/bin/run-getmail.sh', 'getmail');
+		if(is_user('getmail')) {
+			rename($install_dir.'/server/scripts/run-getmail.sh', '/usr/local/bin/run-getmail.sh');
+			if(is_user('getmail')) chown('/usr/local/bin/run-getmail.sh', 'getmail');
+			chmod('/usr/local/bin/run-getmail.sh', 0744);
+		}
+
+		//* Add Log-Rotation
+		if (is_dir('/etc/logrotate.d')) {
+			@unlink('/etc/logrotate.d/logispc3'); // ignore, if the file is not there
+			/* We rotate these logs in cron_daily.php
+			$fh = fopen('/etc/logrotate.d/logispc3', 'w');
+			fwrite($fh,
+					"$conf['ispconfig_log_dir']/ispconfig.log { \n" .
+					"	weekly \n" .
+					"	missingok \n" .
+					"	rotate 4 \n" .
+					"	compress \n" .
+					"	delaycompress \n" .
+					"} \n" .
+					"$conf['ispconfig_log_dir']/cron.log { \n" .
+					"	weekly \n" .
+					"	missingok \n" .
+					"	rotate 4 \n" .
+					"	compress \n" .
+					"	delaycompress \n" .
+					"}");
+			fclose($fh);
+			*/
 		}
-		chmod('/usr/local/bin/run-getmail.sh', 0744);
 
 		//* Remove Domain module as its functions are available in the client module now
 		if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
-		
+
+		//* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
+		if(is_file('/etc/default/rkhunter')) {
+			replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
+			replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
+		}
+
 		// Add symlink for patch tool
 		if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-		
+
 		// Change mode of a few files from amavisd
 		if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
 		if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
-		
 	}
 
 }
 
 ?>
+

install/dist/lib/opensuse.lib.php

@@ -30,7 +30,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 class installer_dist extends installer_base {
 	protected $mailman_group = 'mailman';
-	
+
 	public function __construct() {
 		//** check apache modules */
 		$mods = getapachemodules();
@@ -42,7 +42,7 @@ class installer_dist extends installer_base {
 			swriteln($inst->lng('    AllowOverride None'));
 			swriteln($inst->lng('    Require all denied'));
 			swriteln($inst->lng('    </Directory>'."\n"));
-			
+
 			swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
 		}
 	}
@@ -57,66 +57,26 @@ class installer_dist extends installer_base {
 			$this->error("The postfix configuration directory '$config_dir' does not exist.");
 		}
 
-		//* mysql-virtual_domains.cf
-		$this->process_postfix_config('mysql-virtual_domains.cf');
-
-		//* mysql-virtual_forwardings.cf
-		$this->process_postfix_config('mysql-virtual_forwardings.cf');
-
-		//* mysql-virtual_mailboxes.cf
-		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
-
-		//* mysql-virtual_email2email.cf
-		$this->process_postfix_config('mysql-virtual_email2email.cf');
-
-		//* mysql-virtual_transports.cf
-		$this->process_postfix_config('mysql-virtual_transports.cf');
-
-		//* mysql-virtual_recipient.cf
-		$this->process_postfix_config('mysql-virtual_recipient.cf');
-
-		//* mysql-virtual_sender.cf
-		$this->process_postfix_config('mysql-virtual_sender.cf');
-
-		//* mysql-virtual_sender_login_maps.cf
-		$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
-		
-		//* mysql-virtual_client.cf
-		$this->process_postfix_config('mysql-virtual_client.cf');
-
-		//* mysql-virtual_relaydomains.cf
-		$this->process_postfix_config('mysql-virtual_relaydomains.cf');
-
-		//* mysql-virtual_relayrecipientmaps.cf
-		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-
-		//* mysql-virtual_policy_greylist.cf
-		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
-
-		//* mysql-virtual_gids.cf.master
-		$this->process_postfix_config('mysql-virtual_gids.cf');
-
-		//* mysql-virtual_uids.cf
-		$this->process_postfix_config('mysql-virtual_uids.cf');
-
-		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
+		//* Install virtual mappings
+		foreach (glob('tpl/mysql-virtual_*.master') as $filename) {
+			$this->process_postfix_config( basename($filename, '.master') );
 		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
 
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+		//* mysql-verify_recipients.cf
+		$this->process_postfix_config('mysql-verify_recipients.cf');
 
-		//* Changing mode and group of the new created config files.
-		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
-			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
-		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
-			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
+		//* postfix-dkim
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
+
+		$filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
 		if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);
 
@@ -159,13 +119,31 @@ class installer_dist extends installer_base {
 		if($conf['postgrey']['installed'] == true) {
 			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 		}
-		
+
 		$reject_sender_login_mismatch = '';
+		$reject_authenticated_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+			$reject_sender_login_mismatch = ', reject_sender_login_mismatch';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
+		}
+
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive} ';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
+		$reject_unknown_client_hostname='';
+		if (isset($server_ini_array['mail']['reject_unknown']) && ($server_ini_array['mail']['reject_unknown'] == 'client' || $server_ini_array['mail']['reject_unknown'] == 'client_helo')) {
+			$reject_unknown_client_hostname=',reject_unknown_client_hostname';
 		}
+		$reject_unknown_helo_hostname='';
+		if ((!isset($server_ini_array['mail']['reject_unknown'])) || $server_ini_array['mail']['reject_unknown'] == 'helo' || $server_ini_array['mail']['reject_unknown'] == 'client_helo') {
+			$reject_unknown_helo_hostname=',reject_unknown_helo_hostname';
+		}
+
 		unset($server_ini_array);
-		
+
+		$myhostname = str_replace('.','\.',$conf['hostname']);
+
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
@@ -173,8 +151,13 @@ class installer_dist extends installer_base {
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			'{myhostname}' => $myhostname,
+			$stress_adaptive_placeholder => $stress_adaptive,
+			'{reject_unknown_client_hostname}' => $reject_unknown_client_hostname,
+			'{reject_unknown_helo_hostname}' => $reject_unknown_helo_hostname,
 		);
-		
+
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
 		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
@@ -193,6 +176,7 @@ class installer_dist extends installer_base {
 		touch($config_dir.'/mime_header_checks');
 		touch($config_dir.'/nested_header_checks');
 		touch($config_dir.'/body_checks');
+		touch($config_dir.'/sasl_passwd');
 
 		//* Create the mailman files
 		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
@@ -378,13 +362,13 @@ class installer_dist extends installer_base {
 		$virtual_transport = 'dovecot';
 
 		$configure_lmtp = false;
-		
+
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
 			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
-			
+
 			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
 				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
 				$configure_lmtp = true;
@@ -399,7 +383,7 @@ class installer_dist extends installer_base {
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
-			if(is_file($config_dir.'/master.cf~')){
+			if(is_file($config_dir.'/master.cf~2')){
 				chmod($config_dir.'/master.cf~2', 0400);
 			}
 			//* Configure master.cf and add a line for deliver
@@ -487,7 +471,7 @@ class installer_dist extends installer_base {
 
 		exec("chmod 600 $config_dir/$configfile");
 		exec("chown root:root $config_dir/$configfile");
-		
+
 		// Dovecot shall ignore mounts in website directory
 		if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");
 
@@ -507,7 +491,7 @@ class installer_dist extends installer_base {
 		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
-		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 
@@ -529,31 +513,28 @@ class installer_dist extends installer_base {
 
 		$config_dir = $conf['postfix']['config_dir'];
 
-		// Adding amavis-services to the master.cf file if the service does not already exists
-		$add_amavis = !$this->get_postfix_service('amavis','unix');
-		$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
-		$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
-
-		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
-			//* backup master.cf
-			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
-			// adjust amavis-config
-			if($add_amavis) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10025) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-			if ($add_amavis_10027) {
-				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
-				af($config_dir.'/master.cf', $content);
-				unset($content);
-			}
-		}
+		// Adding amavis-services to the master.cf file
+
+		// backup master.cf
+		if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
+
+		// first remove the old service definitions
+		$this->remove_postfix_service('amavis','unix');
+		$this->remove_postfix_service('127.0.0.1:10025','inet');
+		$this->remove_postfix_service('127.0.0.1:10027','inet');
+
+		// then add them back
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
+
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
+		af($config_dir.'/master.cf', $content);
+		unset($content);
 
 		// Add the clamav user to the vscan group
 		//exec('groupmod --add-user clamav vscan');
@@ -659,7 +640,7 @@ class installer_dist extends installer_base {
 		if($conf['apache']['installed'] == false) return;
 		//* Create the logging directory for the vhost logfiles
 		exec('mkdir -p /var/log/ispconfig/httpd');
-		
+
 		//* enable apache logio module
 		exec('a2enmod logio');
 
@@ -690,10 +671,16 @@ class installer_dist extends installer_base {
 
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
-		
+
+		if($this->is_update == true) {
+			$tpl->setVar('logging',get_logging_state());
+		} else {
+			$tpl->setVar('logging','yes');
+		}
+
 		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
-		
+
 		if(is_array($records) && count($records) > 0) {
 			foreach($records as $rec) {
 				if($rec['ip_type'] == 'IPv6') {
@@ -712,7 +699,7 @@ class installer_dist extends installer_base {
 				}
 			}
 		}
-		
+
 		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
 
 		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
@@ -817,6 +804,16 @@ class installer_dist extends installer_base {
 		//* add a sshusers group
 		$command = 'groupadd sshusers';
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+		// add anonymized log option to nginxx.conf file
+		$nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
+		if(is_file($nginx_conf_file)) {
+			$tmp = file_get_contents($nginx_conf_file);
+			if(!stristr($tmp, 'log_format anonymized')) {
+				copy($nginx_conf_file,$nginx_conf_file.'~');
+				replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
+			}
+		}
 	}
 
 	public function configure_bastille_firewall()
@@ -909,14 +906,14 @@ class installer_dist extends installer_base {
 		//* copy the ISPConfig server part
 		$command = "cp -rf ../server $install_dir";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Make a backup of the security settings
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
-		
+
 		//* copy the ISPConfig security part
 		$command = 'cp -rf ../security '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Apply changed security_settings.ini values to new security_settings.ini file
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
 			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
@@ -1074,15 +1071,19 @@ class installer_dist extends installer_base {
 		//* chown the interface files to the ispconfig user and group
 		$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
+		//* chown the extensions directory to the ispconfig user and group
+		$command = 'chown ispconfig:ispconfig '.$install_dir.'/extensions';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 		//* chown the server files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/server';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security directory and security_settings.ini to root:ispconfig
 		$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
@@ -1094,6 +1095,8 @@ class installer_dist extends installer_base {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1135,12 +1138,12 @@ class installer_dist extends installer_base {
 			exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
 			exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
 		}
-		
+
 		if(is_dir($install_dir.'/interface/invoices')) {
 			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 		}
-		
+
 		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
@@ -1170,6 +1173,11 @@ class installer_dist extends installer_base {
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
+			$this->db->query($sql, $this->crypt_password($conf['interface_password']));
+		}
+
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
 			// TODO: These are missing! should they be "vhost_dist_*_dir" ?
@@ -1198,7 +1206,7 @@ class installer_dist extends installer_base {
 			} else {
 				$tpl->setVar('ssl_bundle_comment','#');
 			}
-			
+
 			$tpl->setVar('apache_version',getapacheversion());
 
 			$content = $tpl->grab();
@@ -1210,10 +1218,12 @@ class installer_dist extends installer_base {
 			$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
 			$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
 			exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
+			$this->set_immutable('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', false);
 			wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
 			exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
 			exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
 			exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
+			$this->set_immutable('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', true);
 
 			//}
 
@@ -1241,11 +1251,11 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
 
 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}
@@ -1318,6 +1328,7 @@ class installer_dist extends installer_base {
 		//* Create the ispconfig log directory
 		if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
 		if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
+		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
 
 		if(is_user('getmail')) {
 			exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
@@ -1339,10 +1350,10 @@ class installer_dist extends installer_base {
 
 		//* Remove Domain module as its functions are available in the client module now
 		if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
-		
+
 		// Add symlink for patch tool
 		if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-		
+
 		// Change mode of a few files from amavisd
 		if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);

install/dist/tpl/gentoo/amavisd-ispconfig.conf.master

@@ -51,11 +51,12 @@ use strict;
 $sql_select_policy =
    'SELECT *,spamfilter_users.id'.
    ' FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id'.
-   ' WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC';
+   ' WHERE spamfilter_users.email IN (%k) AND spamfilter_users.policy_id != 0'.
+   ' ORDER BY spamfilter_users.priority DESC';
 
 
 $sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'.
-    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))' .
+    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k)) AND (spamfilter_wblist.active="y")' .
     ' ORDER BY spamfilter_wblist.priority DESC';
 
 #
@@ -67,7 +68,7 @@ $final_spam_destiny = D_DISCARD;
 $final_banned_destiny = D_BOUNCE;
 $final_bad_header_destiny = D_PASS;
 
-# Default settings, we st this very high to not filter aut emails accidently
+# Default settings, we set this very high to not filter out emails accidentally
 $sa_spam_subject_tag = '***SPAM*** ';
 $sa_tag_level_deflt  = 20.0;  # add spam info headers if at, or above that level
 $sa_tag2_level_deflt = 60.0; # add 'spam detected' headers at that level
@@ -104,6 +105,9 @@ $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};
 
 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf
@@ -112,9 +116,10 @@ $policy_bank{'ORIGINATING'} = {
 # Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
 @inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
 
-$signed_header_fields{'received'} = 0; # turn off signing of Received
+# DKIM
 $enable_dkim_verification = 1;
-$enable_dkim_signing = 1;
+$enable_dkim_signing = 1; # load DKIM signing code
+$signed_header_fields{'received'} = 0;  # turn off signing of Received
 @dkim_signature_options_bysender_maps = (
 { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
 

install/dist/tpl/gentoo/apache_ispconfig.vhost.master

@@ -4,64 +4,142 @@
 # for the ISPConfig controlpanel
 ######################################################
 
-{vhost_port_listen} Listen {vhost_port}
-NameVirtualHost *:{vhost_port}
+<tmpl_var name="vhost_port_listen"> Listen <tmpl_var name="vhost_port">
+NameVirtualHost *:<tmpl_var name="vhost_port">
 
-<VirtualHost _default_:{vhost_port}>
+<VirtualHost _default_:<tmpl_var name="vhost_port">>
   ServerAdmin webmaster@localhost
+
+  Alias /mail /var/www/ispconfig/mail
+  
+  <Directory /var/www/ispconfig/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
+  <Directory /usr/local/ispconfig/interface/web/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
   
   <IfModule mod_fcgid.c>
     DocumentRoot /var/www/ispconfig/
     SuexecUserGroup ispconfig ispconfig
     <Directory /var/www/ispconfig/>
-      Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
       AllowOverride AuthConfig Indexes Limit Options FileInfo
-      <FilesMatch "\.ph(p[3-5]?|tml)$">
+      <FilesMatch "\.php$">
            SetHandler fcgid-script
       </FilesMatch>
       FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
       Order allow,deny
       Allow from all
+      </tmpl_if>
     </Directory>
     DirectoryIndex index.php
+    IPCCommTimeout  7200
+    MaxRequestLen 15728640
   </IfModule>
   
-  <IfModule mod_php5.c>
+  <IfModule mod_proxy_fcgi.c>
+    DocumentRoot /usr/local/ispconfig/interface/web
+    SuexecUserGroup ispconfig ispconfig
+    DirectoryIndex index.php
+
+    <Directory /usr/local/ispconfig/interface/web>
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
+      AllowOverride AuthConfig Indexes Limit Options FileInfo
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
+      Order allow,deny
+      Allow from all
+      </tmpl_if>
+      <FilesMatch \.php$>
+         #SetHandler "proxy:unix:/var/lib/php5-fpm/ispconfig.sock|fcgi://localhost"
+         SetHandler "proxy:fcgi://127.0.0.1:9000"
+      </FilesMatch>
+    </Directory>
+  </IfModule>
+
+  <IfModule mpm_itk_module>
     DocumentRoot /usr/local/ispconfig/interface/web/
+    AssignUserId ispconfig ispconfig
     AddType application/x-httpd-php .php
     <Directory /usr/local/ispconfig/interface/web>
+      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
       Options +FollowSymLinks
       AllowOverride None
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
       Order allow,deny
       Allow from all
-	  php_value magic_quotes_gpc        0
+      </tmpl_if>
+      php_value magic_quotes_gpc        0
     </Directory>
   </IfModule>
-  
+
   # ErrorLog /var/log/apache2/error.log
   # CustomLog /var/log/apache2/access.log combined
   ServerSignature Off
-  
+
   <IfModule mod_security2.c>
     SecRuleEngine Off
   </IfModule>
 
   # SSL Configuration
-  {ssl_comment}SSLEngine On
-  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
-  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
+  <tmpl_else>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+  </tmpl_if>
+  <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
+  <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
-</VirtualHost>
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+  <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLCompression Off
+  </tmpl_if>
+  <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+  <tmpl_var name="ssl_comment">SSLSessionTickets Off
+  </tmpl_if>
 
-<Directory /var/www/php-cgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
+  <IfModule mod_headers.c>
+    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
+    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
+    <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
+    Header set X-Content-Type-Options: nosniff
+    Header set X-Frame-Options: SAMEORIGIN
+    Header set X-XSS-Protection: "1; mode=block"
+    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
+    <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
+    <IfModule mod_version.c>
+      <IfVersion >= 2.4.7>
+          Header setifempty Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+      <IfVersion < 2.4.7>
+          Header set Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+    </IfModule>
+    RequestHeader unset Proxy early
+  </IfModule>
 
-<Directory /var/www/php-fcgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
+  <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling On
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+  </tmpl_if>
+  
+  # Redirect http to https
+  ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>"
+
+</VirtualHost>